Cybercriminals plot massive banking Trojan attack

05.10.2012

The malware is an updated version of a much older banking Trojan, Gozi, which cybercriminals used to steal millions of dollars from U.S. banks. The group apparently plans to plant the Trojan on numerous websites and infect the computers of users who visit those sites.

The Trojan activates when the user of an infected computer types certain strings, such as the name of a targeted bank, into the browser's address bar.

Unlike the original Gozi, the new version not only communicates with a central command-and-control server but also clones the victim's PC configuration. It supports what amounts to a virtual-machine cloning feature that copies the infected PC's screen resolution, cookies, time zone, browser type and version, and other settings. That allows the attacker to reach the victim's bank website from a machine that presents the infected PC's real IP address and the same browser fingerprint, Ahuvia said.

"Impersonated victims' accounts will thus be accessed via a SOCKS proxy connection installed on their infected PCs, enabling the cloned virtual system to take on the genuine IP address when accessing the bank's website," she said in her alert.
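Because the attackers reach the bank through a SOCKS proxy planted on the infected PC, one concrete thing a defender can do is look for SOCKS listeners that have no business being there. The following Python script is an added example, not code from the alert or from the malware itself: it sends the RFC 1928 client greeting to a port and reports whether the answer is a SOCKS5 method-selection reply. It assumes the proxy speaks standard SOCKS5 (the alert does not say which SOCKS version is used) and exercises the check against two constructed local listeners, a fake SOCKS5 endpoint and a fake HTTP service, so it runs offline; `socks5_probe`, `find_socks5_listeners`, `_Listener`, `fake_socks5`, `fake_http` and `demo` are names chosen here.

```python
import socket
import threading

# SOCKS5 client greeting (RFC 1928): VER=0x05, NMETHODS=1, METHODS=[0x00 "no authentication"]
SOCKS5_GREETING = b"\x05\x01\x00"


def socks5_probe(host, port, timeout=2.0):
    """Return True if host:port answers the SOCKS5 greeting like a SOCKS5 server.

    A conforming server replies with two bytes: VER=0x05 and the selected
    method (0x00 no-auth, 0x02 username/password, or 0xFF no acceptable method).
    Anything else (an HTTP banner, silence, a refused connection) is reported
    as not-SOCKS. Closed ports and timeouts are negatives, not errors.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.sendall(SOCKS5_GREETING)
            reply = conn.recv(2)
    except OSError:  # connection refused, timeout, reset
        return False
    return len(reply) == 2 and reply[0] == 0x05 and reply[1] in (0x00, 0x02, 0xFF)


def find_socks5_listeners(host, ports, timeout=2.0):
    """Probe each port and return the sorted list of those that look like SOCKS5."""
    return sorted(p for p in ports if socks5_probe(host, p, timeout))


class _Listener:
    """Constructed local listener used only to exercise the probe offline (not the malware)."""

    def __init__(self, handler):
        self._handler = handler
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        self._sock.listen(5)
        self.port = self._sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self._sock.accept()
            except OSError:
                return  # listener closed
            with conn:
                conn.settimeout(2.0)
                try:
                    self._handler(conn)
                except OSError:
                    pass

    def close(self):
        try:
            self._sock.shutdown(socket.SHUT_RDWR)  # wakes a blocked accept() on Linux
        except OSError:
            pass
        self._sock.close()


def fake_socks5(conn):
    """Stand-in for the back-connect proxy: accept the no-auth method, then stop."""
    greeting = conn.recv(3)
    if greeting[:1] == b"\x05":
        conn.sendall(b"\x05\x00")


def fake_http(conn):
    """Stand-in for a benign service that answers the greeting with an HTTP banner."""
    conn.recv(3)
    conn.sendall(b"HTTP/1.0 400 Bad Request\r\n\r\n")


def demo():
    """Start both constructed listeners and return which ports the probe flags."""
    socks, http = _Listener(fake_socks5), _Listener(fake_http)
    try:
        flagged = find_socks5_listeners("127.0.0.1", [socks.port, http.port])
        return {"socks_port": socks.port, "http_port": http.port, "flagged": flagged}
    finally:
        socks.close()
        http.close()


if __name__ == "__main__":
    print(demo())
```

In practice you would feed `find_socks5_listeners` the open ports of a workstation from an EDR or scan inventory; a SOCKS5 answer on a PC that should not be running a proxy is worth an investigation. The caveat is that a proxy which only dials out to the attacker's server, rather than listening for inbound connections, will not be found this way, so the check complements rather than replaces egress monitoring.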

Victims of fraudulent wire transfers will not immediately learn of the theft, because the gang plans to use VoIP flooding software to keep the victims' mobile phones busy so that bank notifications never reach them, she added.